May 2020 Patch Bulletin

May 2020 Patch Bulletin

This is a big month with 111 unique CVE’s, 6 technologies with critical updates, but the good news is that there are no updates that were publicly disclosed or exploited in the wild. 

Windows has numerous critical updates with a range of impacts.

For additional details, please find the information from Microsoft below:

Technology Products Affected SeverityReferenceWorkaround/Exploited/ Publicly Disclosed Vulnerability Info
 
Windows Windows 8.1, 8.1 RT, 10, Server 2012, 2012 R2, 2016, 2019Critical CVE-2020-0909
CVE-2020-0963
CVE-2020-1010
CVE-2020-1021
CVE-2020-1028
CVE-2020-1048
CVE-2020-1051
CVE-2020-1054
CVE-2020-1055
CVE-2020-1061
CVE-2020-1067
CVE-2020-1068
CVE-2020-1070
CVE-2020-1071
CVE-2020-1072
CVE-2020-1075
CVE-2020-1076
CVE-2020-1077
CVE-2020-1078
CVE-2020-1079
CVE-2020-1080
CVE-2020-1081
CVE-2020-1082
CVE-2020-1084
CVE-2020-1086
CVE-2020-1087
CVE-2020-1088
CVE-2020-1090
CVE-2020-1109
CVE-2020-1110
CVE-2020-1111
CVE-2020-1112
CVE-2020-1113
CVE-2020-1114
CVE-2020-1116
CVE-2020-1117
CVE-2020-1118
CVE-2020-1121
CVE-2020-1123
CVE-2020-1124
CVE-2020-1125
CVE-2020-1126
CVE-2020-1131
CVE-2020-1132
CVE-2020-1134
CVE-2020-1135
CVE-2020-1136
CVE-2020-1137
CVE-2020-1138
CVE-2020-1139
CVE-2020-1140
CVE-2020-1141
CVE-2020-1142
CVE-2020-1143
CVE-2020-1144
CVE-2020-1145/a>
CVE-2020-1149
CVE-2020-1151
CVE-2020-1153
CVE-2020-1154
CVE-2020-1155
CVE-2020-1156
CVE-2020-1157
CVE-2020-1158
CVE-2020-1164
CVE-2020-1165
CVE-2020-1166
CVE-2020-1174
CVE-2020-1175
CVE-2020-1176
CVE-2020-1179
CVE-2020-1184
CVE-2020-1185
CVE-2020-1186
CVE-2020-1187
CVE-2020-1188
CVE-2020-1189
CVE-2020-1190
CVE-2020-1191
Workaround: No
Public: No
Exploited: No
Elevation of Privilege
Remote Code Execution
Spoofing
Security Feature Bypass
Denial of Service
Information Disclosure
Edge HTML-basedLegacyCriticalCVE-2020-1037
CVE-2020-1056
CVE-2020-1059
CVE-2020-1065
CVE-2020-1096
Workaround: No
Public: No
Exploited: No
Spoofing
Remote Code Execution
Elevation of Privilege
ChakraCoreAllCriticalCVE-2020-1037
CVE-2020-1065
Workaround: No
Exploited: No
Public: No
Remote Code Execution
IE11CriticalCVE-2020-1035
CVE-2020-1058
CVE-2020-1060
CVE-2020-1062
CVE-2020-1064
CVE-2020-1092
CVE-2020-1093
Workaround: No
Exploited: No
Public: No
Remote Code Execution
Office, Office Services, Office Web Apps365 Apps for Enterprise
Excel 2010, 2013, 2016, 2019, 2016 for Mac, 2019 for Mac
SharePoint Enterprise Server 2013, 2016
SharePoint Foundation 2013

SharePoint Server 2020, 2019
Office 365
CriticalCVE-2020-1024
CVE-2020-1099
CVE-2020-1069
CVE-2020-1100
CVE-2020-1103
CVE-2020-1107
CVE-2020-1105
CVE-2020-1106
CVE-2020-0901
CVE-2020-1023
CVE-2020-1101
CVE-2020-1102
CVE-2020-1104
Workaround: No
Exploited: No
Public: No
Remote Code Execution
Spoofing
Information Disclosure
Visual Studio2017, 2019, CodeCriticalCVE-2020-1161
CVE-2020-1108
CVE-2020-1171
CVE-2020-1192
Workaround: No
Exploited: No
Public: No
Denial of Service
Remote Code Execution
DynamicsDynamics 365 Version 8.2, 9.0ImportantCVE-2020-1063Workaround: No
Exploited: No
Public: No
Spoofing
.NET Framework.NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8ImportantCVE-2020-1066
CVE-2020-1108
Workaround: No
Exploited: No
Public: No
Denial of Service
Elevation of Privilege
.NET Core.NET Core 2.1, 3.1
ASP .NET Core 3.1
ImportantCVE-2020-1108
CVE-2020-1161
Workaround: No
Exploited: No
Public: No
Denial of Service
Power BiPower Bi Report ServerImportantCVE-2020-1173Workaround: No
Exploited: No
Public: No
Spoofing

In case of any questions or clarifications please feel free to reach out to ECHO’s Service Desk.